Seald: documentation

# @seald-io/sdk

SealdSDK allows you to use the full power of Seald encryption, directly in your application, whether a web-application in the browser, a Node.js server, a react-native mobile app, ...

You can create and retrieve Seald identities for your app's users, encrypt and decrypt files, create encryption sessions, add or revoke recipients ...

You can find the full changelog at https://www.seald.io/changelog#sdk (opens new window).

Example:

import SealdSDK from '@seald-io/sdk'

const seald = SealdSDK({
  appId,
  apiURL
})
await seald.initialize()

// Creating a Seald identity
await seald.initiateIdentity({ userId, userLicenseToken })

// Encrypting / Decrypting data
const encryptedFile = await seald.encryptFile('Secret file content', 'SecretFile.txt', { sealdIds: ['Other-User'] })
const decryptedFile = await seald.decryptFile(encryptedFile)

# Table of contents

# SDK Interfaces

# Helpers Interfaces

# SDK Constructor Type Aliases

# Helpers Type Aliases

# Other Type Aliases

# SDK Constructor Type Aliases

# SDKConstructor

Ƭ SDKConstructor: (args: { apiURL?: string ; appId: string ; createEncryptionSessionCache?: (args: { appId: string ; databasePath?: string ; dbKey?: InstanceType<SSCrypto["SymKey"]> ; encryptionSessionCacheTTL: number ; scrypt: SCrypt ; sscrypto: SSCrypto }) => EncryptionSessionCache | Promise<EncryptionSessionCache> ; databaseKey?: string ; databasePath?: string ; databaseRawKey?: string ; encryptionSessionCacheCleanupInterval?: number ; encryptionSessionCacheTTL?: number ; getRSAKeyPromise?: (size?: 1024 | 2048 | 4096) => Promise<string> ; hairlessURL?: string ; keySize?: 1024 | 2048 | 4096 ; libPhoneNumber?: LibPhoneNumber ; nedbClient?: NedbClient ; plugins?: SDKPlugin[] ; scrypt?: SCrypt ; shouldWaterfallApi?: boolean ; sscrypto?: SSCrypto }) => SealdSDK

# Type declaration

▸ (args): SealdSDK

# Parameters
Name Type Description
args Object -
args.apiURL? string The Seald server URL to use.
args.appId string The appId given to you by Seald. It is the unique identifier of your application for Seald's servers.
args.createEncryptionSessionCache? (args: { appId: string ; databasePath?: string ; dbKey?: InstanceType<SSCrypto["SymKey"]> ; encryptionSessionCacheTTL: number ; scrypt: SCrypt ; sscrypto: SSCrypto }) => EncryptionSessionCache | Promise<EncryptionSessionCache> Function that returns an encryption session cache. The cache must have get, set, keys and delete methods. Default to an in-memory Map. The function receives as arguments some values that could be useful (appId, encryptionSessionCacheTTL, dbKey, ...), as well as some helpers (sscrypto, scrypt). This function must never throw, and the methods of the cache itself must never throw either.
args.databaseKey? string If you are using a persistent database, the key to encrypt it with. A random string of at least 32 alphanumeric characters, stored by your back-end and given after authentication, is recommended. This will be derived into the actual encryption key.
args.databasePath? string If you want to have a persistent database, use this argument. On Node, takes a directory path. On the browser, takes an arbitrary string that will be a localStorage key. If not given, defaults to a memory-only non-persistent database.
args.databaseRawKey? string If you are using a persistent database, the raw key to encrypt it with. This MUST be the Base64 string encoding of a cryptographically random buffer of 64 bytes. This avoids deriving the databaseKey with scrypt. If you have any doubt, use databaseKey instead.
args.encryptionSessionCacheCleanupInterval? number Interval in milliseconds between auto cleans of the cache. Defaults to Math.max(encryptionSessionCacheTTL, 10000), which means equal to encryptionSessionCacheTTL with a minimum of 10s. Set to 0 to force default. Set to -1 to disable automatic cleanup.
args.encryptionSessionCacheTTL? number Duration of cache lifetime in milliseconds. -1 to cache for lifetime. Default to 0 (no cache).
args.getRSAKeyPromise? (size?: 1024 | 2048 | 4096) => Promise<string> To manually pass an RSA key generation implementation to override the current SDK's default implementation. Must take a key size in bits, and return a string corresponding to an export of the private key in base64 using ASN.1 syntax with DER encoding wrapped in a PKCS#8 enveloppe as per RFC 5958, and encoded per PKCS#1 v2.2 specification. To force using SSCrypto key generation, pass null. For advanced use only.
args.hairlessURL? string The Seald URL to use for documents for non-Seald users. Only change it if asked to by the Seald team.
args.keySize? 1024 | 2048 | 4096 Change the Asymmetric key size for newly generated keys. Defaults to 4096. Warning: for security, it is extremely not recommended to lower this value. For advanced use only.
args.libPhoneNumber? LibPhoneNumber Pass the import from 'google-libphonenumber' npm package if you want to use SMS-related features for entrusted recipients.
args.nedbClient? NedbClient To manually pass a follicle database client instance to the SDK. For advanced use only.
args.plugins? SDKPlugin[] Array of plugins to add to this SDK instance.
args.scrypt? SCrypt To manually pass an SCrypt implementation to override the current SDK's default implementation. Must take a Buffer for password, another Buffer for salt, derive them with SCrypt with parameters N=16384, r=8, p=1, an output length of 64 bytes, and return the output as a binary Buffer. For advanced use only.
args.shouldWaterfallApi? boolean Should all requests to Seald's servers be serialized. Safer, but may be a bit slower. Defaults to false.
args.sscrypto? SSCrypto To manually pass an SSCrypto implementation to override the current SDK's default implementation. For advanced use only.
# Returns

SealdSDK

# Helpers Type Aliases

# AuthorizeRecipientResult

Ƭ AuthorizeRecipientResult: Object

# Type declaration

Name Type
addedHairlessRecipients { [key: string]: { already_recipient: boolean ; already_seald: boolean ; error: { code: string ; id: string } ; status: number }; }
addedRecipients { [key: string]: { error: null | { code: string ; id: string } ; status: number }; }

# Recipients

Ƭ Recipients: Object

# Type declaration

Name Type Description
sealdIds? string[] Internal Seald IDs. Returned for users with sdk.getCurrentAccountInfo, for groups when creating them.
userIds? string[] The IDs of users inside your app. First specified when you create an identity

# RevokeResult

Ƭ RevokeResult: Object

# Type declaration

Name Type Description
sealdIds { [sealdId: string]: "ok" | "ko"; } Of the form { 'sealdId': 'ok'|'ko' }
unregisteredRecipients { [unregisteredUser: string]: "ok" | "ko"; } Of the form { 'email@domain.com': 'ok'\|'ko' } or {'AP/${userId}@${appId}': 'ok'\|'ko' }

# SCrypt

Ƭ SCrypt: (password: Buffer, salt: Buffer) => Promise<Buffer>

# Type declaration

▸ (password, salt): Promise<Buffer>

# Parameters
Name Type
password Buffer
salt Buffer
# Returns

Promise<Buffer>

# Other Type Aliases

# EncryptionSessionCache

Ƭ EncryptionSessionCache: Object

# Type declaration

Name Type
delete (id: string) => boolean | void | Promise<boolean | void>
get (id: string, dateOnly?: boolean) => EncryptionSessionCacheEntry | Promise<EncryptionSessionCacheEntry>
keys () => Iterable<string> | Promise<Iterable<string>>
set (id: string, value: EncryptionSessionCacheEntry) => void | EncryptionSessionCache | Promise<void | EncryptionSessionCache>

# EncryptionSessionCacheEntry

Ƭ EncryptionSessionCacheEntry: Object

# Type declaration

Name Type
serializationDate number
sessionSymKey string

# PreGeneratedIdentityKey

Ƭ PreGeneratedIdentityKey: Object

# Type declaration

Name Type
privateEncryptingKeyPromise Promise<string>
privateSigningKeyPromise Promise<string>
rand string
ready boolean

# SSCrypto

Ƭ SSCrypto: Object

# Type declaration

Name Type
PrivateKey PrivateKeyConstructor<PrivateKey>
PublicKey PublicKeyConstructor<PublicKey>
SymKey SymKeyConstructor<SymKey>
utils Utils

# SerializationHook

Ƭ SerializationHook: (s: string) => string

# Type declaration

▸ (s): string

# Parameters
Name Type
s string
# Returns

string

# SerializationHooks

Ƭ SerializationHooks: Object

# Type declaration

Name Type
afterSerialization SerializationHook
beforeDeserialization SerializationHook
testSerializationHooks? boolean

Interface: SealdSDK